Author: Sam Eastwood (Partner), James Ford (Senior Associate), and Josh Haig (Associate) all at global law firm Mayer Brown
3 Oct 2022
The publication of the EU’s long-awaited draft corporate sustainability and due diligence directive in February 2022 marked an important milestone of the emergence of mandatory human rights due diligence legislation, laws that impose a positive obligation on companies to have in place due diligence procedures designed to identify, assess and mitigate adverse human rights impacts of their business activities. In parallel, increasing expectations from key stakeholders – including investors, shareholders, counterparties and consumers – are driving companies to increase their focus on responsible and sustainable business, including around modern slavery and human rights issues, and are placing such issues at the heart of the C-suite agenda.
A company’s failure to manage its modern slavery and human rights risks appropriately could have severe legal, regulatory and reputational impacts. Consequently, companies need to ensure they address modern slavery and human rights risks in their organisation and supply chains to respond to emerging legislative trends, stakeholder expectations and to enhance and preserve company value.
The direction of travel: Embedding soft law principles into hard law obligations
The United Nations Guiding Principles on Business and Human Rights (UNGPs) are a set of guidelines for States and companies to prevent, address and remedy human rights abuses linked to business. Among other things, the UNGPs state that the responsibility to respect human rights requires businesses (i) to avoid causing or contributing to adverse human rights impacts; (ii) to have in place related policies and procedures appropriate to their size and circumstances; and (iii) to conduct human rights due diligence to identify, prevent and mitigate adverse human rights impacts.
The UNGPs are increasingly being baked into hard law obligations:
• Modern slavery and human rights reporting obligations: The UK Modern Slavery Act 2015 requires certain companies to publicly report on modern slavery risks in their supply chain. Similar public disclosures are required in other jurisdictions ( California, Australia, for example). Moreover, the EU is expanding its corporate reporting obligations to require more detailed and more extensive public disclosures, including in relation to human rights.
• The rise of mandatory human rights due diligence laws: The EU is at the forefront of the move to mandatory human rights due diligence. In February 2022, the European Commission published its long-awaited draft corporate sustainability and due diligence directive which imposes a positive burden on certain companies to have in place due diligence procedures designed to identify, assess and mitigate adverse human rights and environmental impacts in their operations and entire value chains. Furthermore, a number of countries already have national laws in place that implement similar standards (France, Germany, Norway and the Netherlands) and many others have similar draft laws under consideration.
The response: developing a human rights risk programme in practice
These developments present a number of challenges for companies in practice.
• Overlapping legal obligations – companies should ensure that they track legal developments across all relevant jurisdictions and anticipate their impact as part of their broader human rights risk strategic planning.
• Responsibility – ‘Sustainability’ has traditionally been ‘owned’ by the sustainability or HR functions within an organisation. Sustainability must encompass an understanding of human rights risks under the evolving legal and regulatory landscape. Consequently legal and compliance functions should be involved in human rights risk strategic planning. Companies should look to convene and empower cross-functional working groups with representatives from key functions, such as legal, compliance, sustainability, HR, procurement and operations. Boards must oversee the company’s due diligence policy and programme.
• Human rights risk assessment – in order to understand and identify an organisation’s salient human rights risks and to inform the development of its human rights policies and procedures, it is essential to conduct a human rights impact assessment which looks beyond the risks to the company itself to the impact (and risks) of the company’s business activities. Companies should ensure that such an assessment is conducted by an appropriately qualified team, is operationalised, and updated.
• An integrated programme – internal and external stakeholders increasingly expect that human rights considerations are integrated into group policies and planning processes. Companies can readily address this by maintaining a standalone human rights policy and ensuring that existing processes incorporate consideration of human rights risks.
• The disclosure challenge – companies will increasingly be compelled to make detailed disclosures of their risks and related programmes and to demonstrate progress year on year; they need to ensure that they can stand behind the public disclosures they make both in relation to human rights and broader ESG topics. Inaccurate disclosures could expose a company to reputational taint, litigation risk and regulatory scrutiny.
• Expertise – it is essential that companies engage appropriate human rights subject matter experts in developing and reinforcing their human rights strategic planning efforts. This could be through the hiring of appropriate qualified experts, the engagement of external advisors or the appointment of human rights experts to the board.
In practice, many companies can leverage existing policies and procedures (eg relating to anti-bribery and corruption) and incorporate human rights (and environmental) considerations into existing operating procedures. This approach could result in a holistic and integrated enterprise risk management approach through a set of procedures that are already familiar to business teams.
The defence: the cost of getting it wrong
A failure to appropriately identify, assess and mitigate human rights risks in an organisation and its supply chains can have severe impacts for a company. From a legal perspective, a breach of human rights-related contractual undertakings with customers (for example under supplier codes of conducts) could expose a company to litigation, contract termination and, in the case of public procurement projects, debarment from future tenders.
The draft EU Directive makes companies (including non EU companies) liable for the acts of their value chain partners where companies do not appropriately identify risks and take appropriate preventative steps. From a regulatory perspective, the prospect of regulatory fines in different jurisdictions is increasing as regulatory expectations and scrutiny increases.
From a reputational perspective, identified human rights issues can impact company value as well as performance against ESG benchmarks. It may also serve as a litmus test as to deficiencies in wider risk management. And all of these factors can have a wider commercial impact on a company – with a potential to harm both company value and company growth prospects.
The bottom line is simple: companies need to ensure they address modern slavery and human rights risks in their organisation and supply chains. To do so will not only protect a company from the legal, regulatory and reputational exposure, but will also enhance the commercial proposition of the company as an ethical and responsible business brand.